Data Integrity

Denial Ain’t Just a River in Egypt:

Panel Discussion

John Avellanet, Managing Director & Principal, Cerulean Associates LLC

Beverly Lorell MD, Senior Medical & Policy Advisor, King & Spalding LLP

David Elder, Vice President – Management, Parexel International

Steve Niedelman, Lead Quality Systems & Compliance Consultant, King & Spalding LLP

Vicky C. Stoakes, President, IntegRx, Inc.

Data Integrity Definitions

• Definition used by FDA for internal training:

“Data are of high quality if they are fit for their intended uses in operations, decision-making and planning . . . as data volume increases, the question of internal consistency within data becomes paramount….”

• ALCOA acronym used by FDA to define expectations: Attributable Legible Contemporaneous Original Accurate

2

FDA Enforcement Action

• FDA will take action against companies that commit data fraud or provide false information to the agency

• “Companies must provide truthful and accurate information in their marketing applications…The American public expects and deserves no less.”

Janet Woodcock, M.D., Director, CDER

February 25, 2009 FDA News Release

3

Importance of Data Integrity

• Continues to be an FDA priority – Investigators receive specialized training to detect data

integrity, data manipulation, and fraud

• Regulators must be able to rely upon the accuracy and completeness of data / information generated to meet applicable regulatory requirements

• Assurances of product safety, identity, strength, purity, and quality are dependent on the validity of data and information obtained

• Data integrity violations – Erode public confidence

– Impugn product quality and patient safety

– Have a devastating impact on implicated organizations 4

Data Integrity Violations

Come in Many Forms

• Geographical areas ranging from domestic to international

• Firms ranging from small to large, new to well established

• Involvement ranging from an individual employee to a conspiracy

• Frequency of occurrence ranging from isolated to pervasive

• Observed in data generated premarket and postmarket

• Data types ranging from medical data to production data

• Acts of commission as well as omission

• Cases involve all types of regulated products

• Identified via regulatory inspections ,Whistleblowers, internal

findings, other…

5

• Using FDA’s findings as a standard, has your firm

evaluated internal data integrity systems to determine if

similar underlying cGMP/QSR deficiencies exist and

whether data manipulation may have occurred?

• Is your company’s prevailing mindset that data integrity

problems only happen to “other people”?

Is your firm in denial?

6

Panel Discussion Topics

• The types of data integrity violations identified during

recent FDA Inspections

• The regulatory, civil, and criminal penalties associated with

data integrity violations

• FDA expectations for review of electronic data and

information

• How to conduct internal and external audits from a data

integrity perspective

• Actions to take if data integrity concerns are identified

within your company or at a contractor

7

John Avellanet

Managing Director & Principal, Cerulean Associates LLC

Data Integrity Considerations

8

FDA Investigator Instructions

“If a firm is keeping electronic records, determine if they are in compliance with 21

CFR Part 11. At a minimum, ensure that:

(1) the firm has prepared a plan for achieving full compliance with part 11

requirements and is making progress toward completing that plan in a timely

manner

(2) accurate and complete electronic and human readable copies of electronic

records, suitable for review, are made available

(3) employees are held accountable and responsible for actions.

If initial findings indicate the firm’s electronic records may not be

trustworthy and reliable, or when electronic recordkeeping systems

inhibit meaningful FDA inspection, a more detailed evaluation may be warranted.”

- FDA Enforcement Compliance Policy Manual, Attachment A

http://www.fda.gov/ICECI/EnforcementActions/BioresearchMonitoring/ucm133927.htm

9

ICH Data Integrity

“…Quality control should be applied to each

stage of data handling to ensure that

all data are reliable and have been processed

correctly….”

- 2008 FDA GCP Training for Investigators, Drs. David Lepay & Jean Toth-Allen, OGCP

2011 FDA presentation on PAIs of Biologics, Anastasia G. Lolas, CDER

quote from ICH E6 § 5.1 Quality Assurance and Quality Control

10

Example Considerations

• Have personnel been trained on good documentation and good

data integrity practices?

• How does the firm ensure that analysts enter ALL test data, not

just the passing test results?

• For transcribed data, what verification processes are in place?

• When data is scanned, how does the firm ensure the evidentiary

admissibility of the scan (e.g., “certified copy”)?

• Has the system been validated and under change control?

Data Integrity at Creation

11

Example Considerations

• Did the firm verify computerized calculations prior to usage on the

data?

• Does the firm claim to use “paper records only” but then actively

use e-records to release batches, make safety and efficacy

decisions, etc.?

• How does the firm ensure that previously recorded SUSAR data

cannot be altered when reviewed?

Data Integrity during Active Usage

12

Example

PDF corruption of 6 day old batch record discovered when QC double-checked the PDF prior to releasing the last of the batch

As of September 2014, firm remains unable to print or re-save the file despite direct help from Adobe

13

Example Considerations

• Does the firm retain raw lab data/digital clinical source data

along with context (e.g., metadata)?

• What were the process checks undertaken prior, during, and

after clinical trial database lock? Transmittal to the sponsor?

• Does the firm have traceability on its complaint records to

ensure that none of the data is left out of any later analysis

(such as for an APR or QSMR) or when transmitted?

Data Integrity while Semi-Active

14

Example

Database corruption from

SQL-based clinical EDC at

CRO after trial lock

As of October 2012, only

the descriptors (i.e., “text”

“number”, etc.) of data that

should have been there

could be recovered

15

Example Considerations

• If the firm uses a storage vendor, is the vendor qualified?

• How often does the firm sample its long-term archives to

ensure continuing storage suitability and prevent data

deterioration?

• What controls does the firm have on retained record

destruction to prevent inadvertent loss of required data?

• Does the firm have a digital media migration strategy?

Data Integrity of Archives

16

“Documents and e-data spend

more than 80% of their

lifespan in an archived (e.g.,

stored) state. ” - ARMA International

17

Example

Graphical product insert from

2005 with detailed risk

information on it

As of December 2012, this is all

that the company could

recover from its approved

electronic proof

18

Data Integrity Lifecycle Controls

19

Translation:

Good data integrity requires

cross-functional framework

risk-based philosophy

pragmatic mentality

20

What Controls Do You Have So…

FDA can rely upon your data?

Physicians can rely upon your data?

Patients can rely upon your data?

Investors can rely upon your

data?

21

Picture Credits

Photos, images and clip art that appear on these slides have been used to enhance this presentation and

may NOT be used for commercial or promotional purposes without permission from copyright holders.

Do not remove or copy from this presentation.

Contact:

iStockphoto.com

Fotolia

Flickr

Microsoft Corporation

Cerulean Associates LLC

22

Beverly Lorell, MD, FACC

Senior Medical & Policy Advisor, King & Spalding LLP

Clinical Data Integrity Violations –

A GCP Perspective

23

Scientific Data Integrity:

A Hot Issue

• Many scandals with intense media attention

– Pharmaceutical and medical device clinical studies, as well as cutting edge basic science

• Globalization of clinical trials and complexity

• Eroding public confidence

• Far-reaching repercussions

– Delay in regulatory review and approval, retractions of public data, impact on clinical guidelines/standards

As examples,

24

“Rise of the Retractions”

• Investigator misconduct accounts for ~50% of retractions

25

Clinical Data Integrity:

Recent Scrutiny

26

Bloomburg

Clinical Data Integrity:

Recent Scrutiny

27

Clinical Data Integrity:

A Journey to Yoda

28

FDA Bioresearch Monitoring

Objectives

• To protect the rights, safety, and welfare of subjects involved in FDA-regulated clinical trials

• To verify the accuracy and reliability of clinical trial data submitted to FDA in support of research or marketing applications, and

• To assess compliance with FDA’s regulations governing the conduct of clinical trials

29

BIMO Metrics FY’13

• Most common Sponsor deficiencies – Inadequate monitoring

– Failure to bring investigators into compliance

– Inadequate accountability for investigational product

– Failure to obtain FDA and/or IRB approval

• Most common Investigator deficiencies – Failure to follow investigational plan and/or regulations

– Protocol deviations

– Inadequate recordkeeping

– Inadequate accountability for investigational product

– Failure to comply with IRB requirements

– Inadequate human subjects protection (failure report AEs and obtain informed consent)

30

Recent Trends - Warning Letters

“Advanced Magnetic Research Institute – Jan. 16, 2014

• Failure to maintain records and accurately report serious adverse events

• Violative promotion of investigational device

•

31

Recent Trends - Warning Letters

“Advanced Interventional Pain Center” – Mar. 14, 2014

• FDA determination that device is Significant Risk (SR) – enrolling patients before submitting IDE to FDA

• Failure to maintain accurate and complete records, including source documents and financial disclosure under Part 54

• Failure to report deviations from investigational plan

32

Many Portals for Scientific

Integrity Allegations

• FDA advisory committee meetings

– Clinical Event Committee – event adjudication; Data Monitoring Board – sponsor interactions

– Geographic region data disparities

• Clinical investigators and medical journals

– Medical journals (e.g., BMJ, NEJM, Lancet, NEJM)

– Direct interaction with media and/or members of Congress

• Media and other watchdogs

– Forbes, WSJ, NYT

– ProPublica, Retraction Watch, and more!

•

33

FDA Initiatives

• Falsification of data/omission of material facts

– “Reporting Information Regarding Falsification of Data” - Final Rule pending

• Globalization of clinical trials

– “Human Subject Protection; Acceptance of Data from Clinical Studies for Medical Devices” - Final Rule pending

• Sharing of GCP inspectional data

– “FDA-EMA GCP Initiative” and other programs

• Risk-based monitoring

– “Oversight of Clinical Investigations – A Risk-Based Approach to Monitoring” - New guidance

•

34

Challenges for Sponsors

“Sponsors are responsible for selecting qualified investigators… and ensuring that any reviewing IRB and FDA are promptly informed of significant new information about an investigation.” 21 C.F.R. 812.40

• During an ongoing clinical investigation, when and how should internal GCP audits be conducted?

• When do issues of potential data integrity rise to level of “significant new information about an investigation?”

• When and how should voluntary disclosures be made to FDA Office of Compliance?

•

35

David Elder

Vice President – Management, Parexel International

Data Integrity Violations –

A GMP Perspective

36

Data Integrity

• Issues with data integrity have been the downfall of

several companies. There are few things in business

(or in life) that are more important than integrity.

When any one issue is found, ALL other actions,

answers, documents, records, and people become

questionable.

• A few examples of recent findings….

37

Data Integrity

WL, May 2014, Sun Pharma.

• “Your firm frequently performs “unofficial testing” of

samples, disregards the results, and reports results from

additional tests. For example, during stability testing, your

firm tested a batch sample six times and subsequently deleted

this data”

• “Similar unacceptable data handling practices were observed

in your laboratory’s conduct of gas chromatography (GC)

analyses. The FDA investigators reviewed what appear to be

data from “unofficial” injections …Therefore, it appears that

out-of-specification data … was considered to be “unofficial,”

while passing data were reported as the "official" results for

the batch”

38

Data Integrity

WL, November 2013, Wockhardt

• “our investigators identified your practice of performing

“trial” sample analysis for high performance liquid

chromatography (HPLC) analyses at your Chikalthana

and Waluj facilities prior to acquiring the “official”

analytical data for release and stability testing”

39

Data Integrity

WL, Smruthi Organics Ltd, March 2014

• Our investigators identified calibration and media preparation records that were not authentic in that the persons that signed each record as having performed the activity were not at work on the day the work was accomplished.

• Our investigators identified the practice of performing trial injections for HPLC analyses prior to running the release and stability tests that are then reported. There was no justification for the practice of the trial preparations and

injections

40

Data Integrity

FDA-483, Ranbaxy-Toansa, January 2014

• Paraphrased observations (leading to extension of Consent

Decree and IA to this additional manufacturing site)

• Overwriting raw data files that had failing results

• Test/Sample injections with failing results

• Reported results differed from raw data

• Backdating of records; pre-filled records

• Samples/Records found in drawer in laboratory

labeled “blank paper”

41

Data Integrity

December 16, 2013

• The MHRA is setting an expectation that pharmaceutical manufacturers, importers and contract laboratories, as part of their self-inspection programme must review the effectiveness of their governance systems to ensure data integrity and traceability.

• This aspect will be covered during inspections from the start of 2014, when reviewing the adequacy of self inspection programmes in accordance with Chapter 9 of EU GMP.

• It is also expected that in addition to having their own governance systems, companies outsourcing activities should verify the adequacy of comparable systems at the contract acceptor.

• The MHRA invites companies that identify data integrity issues to contact: GMPInspectorate@mhra.gsi.gov.uk

Food for Thought: Does the self-inspection/internal audit and supplier management function of a company include trained individuals capable of detecting data integrity issues if they exist?

42

Data Integrity Is Not Isolated To

Lab Operations (Real Examples Noted)

• Applications filed with Regulatory Agencies:

– Records in FDA Applications Contained Different Signatures for the Same Person

– CMC Section in NDA Submitted to FDA Was Different from Copy on File at the Company. Company Unable to Verify Which Version Was Correct

– CMC Section Contained Validation Data Reported to Be from Production Autoclave, But FDA Inspection Revealed Production Autoclave Had Not Yet Been Installed on Dates Recorded

– Certain testing data submitted with application could not be verified from review of laboratory notebooks or electronic raw data

43

Data Integrity Is Not Isolated To

Lab Operations (Real Examples Noted)

• Quality System Documentation: • Observed employee fraudulently signing weighing record for activity

he did not perform

• Supervisor created logbooks after the fact for two years (after FDA requested to review)

• Cleaning employee was suspected of lying, so 5 FDA investigators returned to the plant during the next cleaning to simultaneously watch actual practices in five different areas. FDA confirmed employee had lied

• Employee discarded project file (raw data, chromatograms, analytical worksheets) to hide records from detection by auditor (& company management) Entire completed original batch records for several lots were found in supervisors possession, duplicate records had been created for the document retention files

• Entries for “tomorrow’s” batch had already been filled out

• Desk drawer at analyst workbench contained multiple OOS worksheets that had not been reported to QA

• Log book contained dated entries that were out of sequence

• In-process batch record with blanks for significant steps, post-it-note created by supervisor instructing employee to fill in the blanks

44

Data Integrity Is Not Isolated To

Lab Operations

WL, July 2014, Zhejiang Jiuzhou Pharmaceutical – Failure to document manufacturing operations at the time they are

performed.

• When reviewing the entries in your… logbook for the days immediately prior to the inspection, our investigator found missing entries. Your operators stated that lines were left blank to later add information about cleaning events that may have occurred during a previous shift. During the inspection, our investigator found other similar instances of missing data or belated data entry in your manufacturing records. These practices are not consistent with CGMP.

• In addition, during the inspection, one of your quality unit employees presented the investigator with a batch record containing his signature, stating that he had performed the review of this batch record. The employee later admitted that he had falsified this CGMP record and stated that he in fact had not performed the review, despite having signed the batch record as the QA reviewer and having released the batch. This data falsification and the record-keeping deficiencies described above raise doubt regarding the validity of your firm’s records.

45

Acknowledgement/References

• Presentation, FDLI Pharmaceutical GMP training program, July 2014,

D. Elder

• Presentation/Training, R. Tetzlaff, PhD

• FDA Training Course, Drug Inspection Training, Data Integrity Section

46